Submission #844567: Assimp commit 17c12da Double Free (Info)

Title: Assimp commit 17c12da Double Free
Description: A critical double-free memory corruption vulnerability exists in Assimp Library's PLY model parsing and exporting module. The flaw stems from conflicting memory ownership management of aiScene and aiMesh objects during model loading and exporting operations. When loading a maliciously crafted PLY model file via Assimp::Importer::ReadFileFromMemory and directly passing the returned const aiScene* object to Assimp::Exporter::ExportToBlob, duplicate memory release operations are triggered. The ExportToBlob function takes ownership of the scene object through std::unique_ptr<aiScene> and frees the associated aiMesh memory during pointer destruction. Subsequently, the Assimp::Importer destructor attempts to free the already released mesh memory again, resulting in a valid double-free corruption. This vulnerability occurs due to unreasonable memory ownership rules between the importer and exporter modules, causing redundant release of heap memory allocated by the PLY format loader. Remote attackers can exploit this flaw by supplying a malformed PLY model file, triggering memory corruption and program crash to cause a denial-of-service (DoS) condition, and potentially enabling arbitrary code execution or sensitive memory information disclosure.
Source: https://github.com/assimp/assimp/issues/6620
User: TYGLS (UID 94774)
Submitted: 2026. 06. 01. AM 08:11 (1 month ago)
Moderation: 2026. 07. 03. PM 03:44 (1 month later)
Status: Accepted
VulDB entry: 376112 [Open Asset Import Library Assimp up to 6.0.4 PLY Model PlyLoader.cpp ExportToBlob memory corruption]
Points: 20
